An official website of the United States government.

This is not the current EPA website. To navigate to the current EPA website, please go to This website is historical material reflecting the EPA website as it existed on January 19, 2021. This website is no longer updated and links to external websites and some internal pages may not work. More information »

Privacy Impact Assessment for the Case Management System for Suspension and Debarment

On this page:

I. Data in the System

  1. Generally describe what data/information will be collected in the system.

    Information in the system includes basic information about a respondent (which can be an individual). Examples are: name, assigned case number, grounds of action, who is the case investigator, case attorney, a SSN and DOB, if applicable, a DUNS number if applicable, a CAGE code if applicable, if represented then Counsel's name and contact information.

    Other information specific about the suspension and/or debarment case or statutory ineligibility such as the documents supporting the action (copy of the indictment, J&C, etc.), action request memorandum, notice, final determination, any documentation supporting any information listed on EPLS (GSA system), and other related documents.

  2. What are the sources and types of the information in the system?

    EPA and other Federal officials, state and local officials, private parties, businesses and other entities who may have information relevant to an inquiry, and individuals who have been suspended, proposed for debarment or debarred, and their legal representatives

    Various types of information all relating to the cause for suspension and/or debarment or fufillment of our duties for a statutory ineligibility.

  3. How will the data be used by the Agency?

    To create, recommend, impose an inelgibility or fufil the requirements of the statutory ineligibility. The information supports the basis for suspension and/or debarment or effectuating a statutory ineligibility.

  4. Why is the information being collected? (Purpose)

    To assist EPA in assembling information on, conducting, and documenting debarment and suspension proceedings to ensure that Federal contracts and Federal assistance, loans, and benefits are awarded to responsible business entities and individuals.

Top of Page

II. Access to the Data

  1. Who will have access to the data/information in the system (internal and external parties)? If contractors, are the Federal Acquisition Regulations (FAR) clauses included in the contract (24.104 Contract clauses; 52.224-1 Privacy Act Notification; and 52.224-2 Privacy Act)?

    Only those within the EPA Suspension and Debarment Program. In addition, one SEE employee hired under a grant to work as a secretary can only view the information.

  2. What controls are in place to prevent the misuse of data by those having authorized access?

    The system is protected by a password and Lotus Notes ID. It resides on an internal Agency server. In addition, the system is control both by an Access Control List (ACL) and a User Role function.

  3. Do other systems share data or have access to data/information in this system? If yes, explain who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)


  4. Will other agencies, state or local governments share data/information or have access to data in this system? (Includes any entity external to EPA.)


  5. Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)

    Individuals are not asked to provide information for the database.

Top of Page

III. Attributes of the Data

  1. Explain how the use of the data is both relevant and necessary to the purpose for which the system is being designed.

    Without this data, the Program would not be able to fufil it's mission to meaningfully protect the Federal government from business risks created by individuals or companies who are not presently responsible. In addition, without the data the Program could not effectively carry out its duties related to statutory ineligibilities.

  2. If data are being consolidated, what controls are in place to protect the data from unauthorized access or use? Explain.

    Not applicable.

  3. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

    Not applicable.

  4. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain. (A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual.)

    Primarily, the data will be retrieved by case number, case name (which is the company's or individual's name), EPA case investigator, EPA case attorney. The system can retrieve a case by a search of th SSN.

  5. Is the Web privacy policy machine readable? Where is the policy stated? (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)

    This database is not available via the web.

Top of Page

IV. Maintenance of Administrative Controls

  1. Has a record control schedule been issued for the records in the system? If so, provide the schedule number. What are the retention periods for records in this system? What are the procedures for eliminating the records at the end of the retention period? (You may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject records.)

    EPA's Assistance and Interagency Agreement Records Schedule, NC1-412-85-25/7. For paper documents, investigative and advocacy files are destroyed after the issuance of a final determination or entry of a compliance agreement. Audit files are retained throughout the term of the relevant compliance agreement. The official administrative record is retained in the office until three months after the period of debarment or voluntary exclusion expires, or all provisions of the compliance agreement have been completed. The official administrative record is then transferred to the Federal Records Center (FRC) for storage. Files relating to cases closed without action are also transferred to the FRC three months after the decision to close the matter. The records transferred to the FRC are destroyed when they are 6 years and 3 months old.

  2. While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

    Data itself is not used for determinations. The data backs up the paper record. Accuracy is assured through management oversight.

  3. Will this system provide the capability to identify, locate, and monitor individuals? If yes, explain.


  4. Does the system use any persistent tracking technologies?


  5. Under which System of Records (SOR) notice does the system operate? Provide the name of the system and its SOR number if applicable. For reference, please view this list of Agency SORs. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. The Privacy Act Officer will determine if a SOR is necessary for your system.)

    EPA-33 Debarment and Suspension Files

Top of Page